Social Engineering
Identify weaknesses in your employees security knowledge. Start building your cyber security resilience today.
Contact UsWhat is Social Engineering?
Social engineering is the psychological manipulation of targeted individuals to perform actions or provide confidential information. Attackers target users / individuals within an organization, to access sensitive information that should not be shared publicly.
Social engineering is not limited to the more well-known type, email-based phishing. Social Engineering is always evolving and encompasses any phycological manipulation on individuals that lead to the attacker’s goal.
Examples of social engineering are:
Phone Phishing
Attackers call targets and try to maniuplate them via a phone conversation. These attackers tend to have a high success rate, as the targets have little time to think as its a live conversation.
SMS based Phishing
Smses are used to manipulate targets to take actions against their best interest. Attackers can impersonate companies and try steal credentials, money, provide sensitive information etc
Physical intrusion
Attackers will try and gain phyiscal access to the building to achieve their goal. Attackers use variety of techniques to get employees to act against their best wishes. This can range from dressing as a delivery person, impersonating a new employee to testing both the employees and the locations physical security safeguards.
Email based Phishing
Email based phishing can range from mass emails employees to highly targetted phishing emails, customly main for a specific individual (spear phishing). Attackers have all the time to research the targetted company and the employees, they can use this research to increaes the likelyhood the targets will fall for their phishing emails.
How We Do It?
We make your security project stress-free for you to have the perfect control.
Reconnaissance
After scoping is defined and parameters set, our consultants start with general reconnaissance and attack surface mapping.
- Assess public exposure of company and staff (social media, data dumps, other public sources)
- Identify software used such as online services (data leakage through publications, analysis of DNS records)
- Indepth OSINT research
Planning
After conducting our intial research, our consultants establish the best plan of attack for example
After we have planned our approach, our team crafts the contents of the campaign specific to our targets.
Preparation
This is always different for each social engineering engagement. As our consultants decide what is the best approach to target the organization, within in the scope and rules set by the client. However, to list some examples of preparation:
Attack & Reporting
In this phase our consultants launch the attack on the targetted company. This could range from:
After the attack is performed, our consultants provide a full report with recommendations. Finally we offer multiple aftercare options to ensure your organization is ready for real threats.
Our Pricing
Standard Package
- 30 Targets
- Tailored Emails
- 2 Attack vectors
- Discount on follow up phone phishing
- Full report & after attack support
- Emails Spread over multiple campaigns
- Phone & SMS Phishing included
Premium Package
- 75 Targets
- Tailored Emails
- 3 Attack vectors
- Emails spread over multiple campaigns
- SMS Phishing Included
- Full report & after attack support
- Continuous attacks over 5 working days
Premium Plus
- 120 Targets
- Tailored Emails
- 4 Attack vectors
- Emails spread over multiple campaigns
- SMS Phishing Included
- Continuous attacks over 5 working days
- Full report & after attack support
Book a Free Consultation Now
Get the right advice from the start, or tell us what you are looking for. Book a free consultation below